"Karsten M. Self" <kmself@ix.netcom.com> writes:
> on Mon, Nov 19, 2001 at 03:11:03PM -0700, Gary Hennigan
> ([EMAIL PROTECTED]) wrote:
> > My preferred solution is to su to root and do:
> >
> >   export XAUTHORITY=~myusername/.Xauthority ;export DISPLAY=:0.0
> >
> > I think there are still some security concerns even with this, but
> > it's better than "xhost + localhost", as far as security goes anyway.
> >
> > The other option is to get the "Magic Cookie" of your xsession. The
> > sequence would be something like:
> >
> > % xauth list
> > junk/unix:0 MIT-MAGIC-COOKIE-1 a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7
> > 192.168.1.1 MIT-MAGIC-COOKIE-1 a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7
> > % su -
> > Password:
> > root% xauth add 192.168.1.1 MIT-MAGIC-COOKIE-1 a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7
> > root% export DISPLAY=192.168.1.1:0
> >
> > I think that's the best approach if you're up-tight about security.
>
> I'd pick a variant of your second which is IMO both easier and more
> secure than allowing another user to specify root's Xauth file:
>
>     $ xauth merge ~user/.Xauthority
>
> ...will give root all the cookies in a user's xauth database.
>
> > Of course if you're really up-tight about security you wouldn't be
> > using X at all! ;)
>
> Y?

Because it's easy to "do the wrong thing" with X and allow "bad things" to happen. For example, the aforementioned "xhost + localhost". Plus, this isn't under the control of the sysadmin. A user can log in and do an "xhost +" and some unfriendly user can effectively get into that account and do bad things.

Gary
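
The xhost concern raised in this thread can be checked from inside a session. The following is an added example, not part of the original messages: a POSIX shell function that classifies the text printed by `xhost`. The names `classify_xhost` and `sample_localhost` are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Usage inside an X session:  xhost | classify_xhost
# Reads `xhost` output on stdin and prints one verdict:
#   open        - access control disabled ("xhost +"): any host may connect
#   host-based  - whole hosts or address families are trusted (e.g. localhost)
#   user-based  - only server-interpreted local users/groups are listed
#   cookie-only - empty access list; clients must present an Xauthority cookie
classify_xhost() {
    verdict=cookie-only
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "access control disabled"*)
                verdict=open ;;
            "access control enabled"*|"")
                : ;;  # status line or blank line: nothing to record
            SI:localuser:*|SI:localgroup:*)
                if [ "$verdict" = cookie-only ]; then verdict=user-based; fi ;;
            *)
                # INET:, INET6:, LOCAL: and similar entries trust a whole
                # host or family, regardless of which user is connecting.
                if [ "$verdict" != open ]; then verdict=host-based; fi ;;
        esac
    done
    printf '%s\n' "$verdict"
}

# Constructed sample: xhost output once localhost is on the access list.
sample_localhost() {
    printf '%s\n' \
        'access control enabled, only authorized clients can connect' \
        'INET:localhost'
}

sample_localhost | classify_xhost   # prints: host-based
```

Any verdict other than `cookie-only` means the display accepts some clients that do not hold the session's magic cookie.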